Spoofing is the feigning of a false identity, often as part of criminal activities. In IT, for example, this can take the form of emails that purport to come from trustworthy senders. The term is derived from the English verb “spoof”, which means to deceive or cheat.
What does spoofing mean in detail?
Spoofing is a technique used in various criminal activities. Trustworthy identities that may be faked include:
Your bank
A well-known company like Amazon, Ebay or Paypal
The police or another authority
One of your service providers, customers or even your managing director
Friends, acquaintances or family members
By pretending to have such a trustworthy identity, users can be tricked into doing so:
Blackmail attempts are also made using spoofing, e.g. under the identity of an alleged IT expert. This person claims to have observed and documented certain activities of their victim. These activities are often of an embarrassing nature. To avoid publication, the victim is asked to pay a ransom.
Where do I encounter the topic of “spoofing” in my day-to-day work?
You can potentially encounter it in every email and in every link whose address is not clearly legible to you. Spoofing can also be carried out on the telephone, e.g. by a caller pretending to be your administrator and asking you for your password.
What can I do to improve my safety?
In general: reduce your cyber risks. This will also reduce the chances of spoofing being successful. Specifically:
Take a critical approach to emails. If you have the slightest doubt, check the identity of the sender outside your email program, for example by making a quick phone call or visiting the website. Do not use the contact details from the suspicious email; use information from your address book or official channels instead.
Make all employees in your company aware of this procedure, including your administrators, managing directors and board members. The short calls mentioned above can save your company from major damage.
Never click on links in emails to access your customer account. Access the relevant websites manually and log in to your customer account as usual. Surprising invoices or alleged security checks often turn out to be non-existent.
For links, check the actual address to which the link leads. If there is the slightest doubt, do not click on it. Call up the desired page manually.
Always report blackmail attempts to the police. As absurd and inappropriate as they often are, they are criminal offenses.